Certified Mail

Where Can I Get That Salary?After reading “Income
Conundrum” in the August issue’s Editor’s Desk, I have to ask: What
about those who have very little experience and the lowest-level certifications,
yet make loads of dough? Donald Top has an MCP, three years in IT and
is making $60,000; Edward Bailey is an MCSE with 2.5 years in IT and making
$56,000. Is this a joke? Are their employers clueless or something else?
I’m paid about as much as Brad Blauvelt (under $40,000) but with an MCP,
MCSE, CCNA and 10 years in IT.

So, what’s wrong with Brad and me? I’m not severely under compensated,
but I just want to know how these guys could earn so much yet have such
little experience. —Edward Diaz, MCP, MCSE, CCNA
Monterey, California

While I wish your salary survey figures were correct, they seem to be
quite different than what I am being told here in the greater Los Angeles
area. I am a Novell CNE and Microsoft MCP (NT 4.0 workstation) with six
years supporting both Novell and Microsoft networks and a variety of Microsoft
desktop OSes. I also have an MBA degree. Having been unable to find a
job I returned to school to take classes to eventually attain my MCSE.
While I had a base salary of $50,000 as a LAN Support Specialist, I am
now being told I will do well to find a position in the mid- to upper-$30,000s
in Los Angeles. I have sent out resumes and gone to job fairs with no
interviews offered thus far. At a job fair sponsored by the Los Angeles
Times, I was told by one recruiter that 80 percent of the resumes she
received were seeking information technology positions, and they were
really only looking for sales personnel. There are too many people looking
for too few positions. I have friends in the same position.

If you had sent me a salary survey I wouldn't have responded  how
does an unemployed person respond in times like these? A survey of MCPs
and CNEs that starts out with the question: "Are you currently working
full time?" might get a better response. Those who have continued to work
for the same company over the last several years may still make a good
salary, but those of us who have been laid off see a much different picture.
Hopefully you will take this into account in a follow-up survey and article.
Perhaps an article that includes a statistic for how long you have been
in your current position, or how long have you been unemployed might show
a more accurate picture. I will look forward to reading it. Richard Boehle, MCP, CNE

Single Login for Multiple UsersI have a Windows 2000 AD domain with about 15 NT 4.0 workstations
that are essentially sound mixing appliances. Our engineering department
wants to connect all of them to the network in order to access a file
server, but they don’t want the inconvenience of logging in individually
with their regular user accounts. I’ve tried to explain the ramifications
of using a single account for multiple users, but political forces are
overriding my objections. I’ve thought about creating a local “Eng” account
on each workstation with a single, synchronized password so that at least
the SIDs would be different, but the whole situation is an auditing nightmare
that violates the basic tenets of security. What are some options for
satisfying the engineers’ demands while minimizing the security risk?—Jacob E. Balser, MSCE, MCP+I, A+
San Rafael, California

First, you need to ask: What files are the engineers accessing on
the server? If the files needed aren’t security risks and you’re willing
to lock down that engineer account so all it can do is access these
files, then you can minimize the risk. Similar things are done when
shop floor workers need simple access like looking up a bin location
for a part. You use one account, then lock down the machine and lock
the account so it can only perform one function. Or, maybe the answer
is to locate a file server on a network only they can access.
Also, you need to think about the ramifications for
their systems on your network. What could someone else do on your network
if these machines are connected? Could they damage these machines, steal
data, change configurations or shut them down? You now need to lock
down these machines. Does this now give the users Internet access? Think:
viruses, worms, Trojans and other system misuse.
Yes, having one account used by more than one person
is a security risk because there’s no accountability. But, remember
the other tenet: Risk analysis tells you where to concentrate your security
efforts. You can still audit the use of that account, but perhaps make
an arrangement up front on how the account may be used and the process
for removing this privilege and moving to separate accounts should it
be abused. It becomes too difficult to secure the rest of your network
otherwise.
—Roberta Bragg

Unpopular MovesWhen Microsoft testers started writing trick questions because
too many people were passing exams, I decided it wasn’t worth the price
anymore. All the mumbo-jumbo about “value” was really about “test-taking
skills.” Microsoft has changed its software so often that I don’t bother
to memorize how-tos anymore; I just meander through the options and find
something that looks like it might work. This seems to be an OK way to
function, as long as you know what you’re trying to do.

Now it’s a challenge to replace any Microsoft products with a Linux substitute
and make it user-friendly enough to be accepted. Why? Because Microsoft
became the software police, and I can’t take the chance that my customers
might not be in total compliance with the ever-changing licensing programs.

I welcome the attempts MCP Magazine has made to try to frame issues with
Microsoft products in a broader context, and I hope you will expand these
efforts. Whenever Microsoft twists a standard to their own advantage and
blows smoke over the differences, we all suffer. —Robin McCain, MCP
San Francisco, California

Understand Licensing and Save a BundleI helped save my company $48,060 by keeping them informed of an
upcoming upgrade release of a product they were already using in production
and taking advantage of Microsoft’s new implementation of Licensing 6.0.

I work as an IT consultant doing contract work. One of the projects I’ve
been involved with is the implementation of Microsoft Project 2000 in
a collaborative environment using SQL Server for storing projects and
Project Central as a Web-based interface to view those projects. Microsoft
Project 2002 in all its new flavors (Standard, Professional, Server and
Web-Access) was recently launched. Knowing that my company will eventually
want to take advantage of the new enterprise features, I set out to fully
understand how Licensing 6.0 would affect the cost of upgrading our currently
installed base of licensed MS Project users.

I couldn’t have done this on my own. I employed the help of reps from
both Microsoft and our software vendor.

I finally came up with a presentation that the “check-signers” could
easily understand, and a purchase order was made. Now comes the fun part
of migrating. —Robert B. Zane, MCSE+I
Plano, Texas

Too Many Admins Spoil the SoupI’m an IT security officer responsible for managing my company’s
security policy and strategy. We have a Microsoft Competency Center that
safeguards our Active Directory environment and have a problem with an
overabundance of administrators. How can I regularly run a report that
lists the membership of important groups, such as administrators, without
having administrator rights myself? We’re losing control with too many
admins in the system, and we have service accounts to which the admins
may have password access.—Ravin Jugdav
Cape Town, South Africa

I’d suggest using a tool. A free one is dumpsec, www.somarsoft.com,
and it’s useful for security officers, auditors and administrators.
All tools require an administrator to run it; you wouldn’t want just
anyone to discover this kind of information. However, this should be
run periodically as part of an audit. An administrator can run it and
place the reports where you, as security officer, can review them. This
way, you’ve also kept your separation of duties (security should proscribe
and enforce, but not implement) and your ability to review. But what
will that review do if you don’t have authority to reduce the number
of admins? There must be some overview of the whole picture, including
risk analysis.
As to the admins knowing the service account passwords,
someone has to maintain and change them. But they shouldn’t be widely
known or used for logon. Sounds like you have an immense chore ahead
of you. Good luck.
—Roberta Bragg

Working Under the InfluenceDian Schaffhauser’s July Editor’s Desk, “The
Influencer,” got me. Every week, articles are published in the magazines
of our trade detailing the exploits of CTOs and CIOs. These articles describe
how these people seemingly change their entire operations single-handedly.
Being a networking professional for almost 10 years, I know that this
isn’t the way the IS world works. There’s a possibility that at some company
somewhere, a CIO is doing the work of a full IS staff. He or she is evaluating
problems, discerning solutions, proposing options, purchasing and finally
deploying the necessary products or services to solve his or her problem.
This isn’t likely in the real world. In most companies I’ve seen (including
my own), there’s a hierarchy of support staff who provide the information
necessary for the CIO/CTO/Director to make informed decisions. Without
the research, experience and knowledge of these staff members, good decisions
wouldn’t be made. According to your article, manufacturers want to direct
their attention to the CTOs. Why? So that when an experienced Microsoft
junkie proposes the right products to solve the company’s problem, the
CTO can recognize the product from a magazine? What’s the value in that?
Hopefully, we’ll someday value the talents at all levels of IS, and manufacturers
will correctly identify where the real purchasing power exists—in the
trenches.—Paul Beasley, MCSE
Plymouth, Minnesota

Frankly, I bypass quite a bit of the certification stuff. I've hit it
so hard for so long, I feel I need a break. But when I read your magazine,
I really look forward to the in-depth technical articles you publish.
Your magazine not only helps Microsoft toot their own horn, but holds
them accountable for their screw-ups as well. We all know it's a great
product line, but just like everything else, it can use improvements;
you're not afraid to tell it straight. MCP Magazine is wonderful at exploring
new tools and technologies as well as occasionally taking us all back
to basics to remind us of the power of the old tools we seem to forget.
You're innovative and cutting edge, and any vendor foolish enough to advertise
to the Cs instead of to the masses in the trenches is led by fools and
shouldn't be in business in the first place.—Earl Grylls, MCSE, A+Arvada, Colorado

I'm an MCSE working for a multinational company, and am finishing up
a Windows 2000/AD/SMS/Exchange rollout. There isn't a router, server,
desktop, laptop or software package that my team doesn't select, test
and approve, then roll out. The "C" levels want e-mail, not Exchange;
they want virus protection, not McAfee; fast, light laptops, not Toshiba
9100s; color printers, not HP 4500s. We select the equipment, set the
standards, get the quotes and purchase. If it's big and we're initiating
it, we do the business case and prove that it's needed.— David Bratton, MCSE
Denver, Colorado

It isn't the "C" leader of the IT staff buying the product in most cases.
Rather, it's the IT folks in the trenches running the day-to-day systems
and networks, and not tied up in executive meetings during a good portion
of the day. These folks troubleshoot the problems, identify the sources,
look for solutions and make recommendations to buy or, in fact, do the
buying. The Cx's task ought be to support the needs of the staff, whose
responsibility is to support the needs of the users, whose tasks are to
support the needs of the organization. Seems simple enough. However, it
all depends on the management style and effectiveness of the C. I'm a
strong supporter of an inverted management style, in contrast to most
in use today. Who better understands the problem than the person who dealing
with it hands-on?

My perception of a manager is the person who guides, coaches and relies
on their staff to do the job; that means supporting those under their
responsibility. Whether or not you support participative management, traditional
1950s management or leadership management, the fact is that the real evaluator
of solutions is the IT staffer in the field. —Ron Houle, MCSE, MCT, MCP, CVA, CNA, Net+
Brainerd, Minnesota

You're right on track with the July editorial. Our CTO has so many responsibilities
that he doesn't have time to research products and software. He depends
on us, the IT department, for this. We do the research, download and test
the demos, then write up the POs for him to sign. That's probably how
it's done in other companies as well.—Brad Holloway
Los Angeles, California

There's a disturbing thing I've noticed that may be a factor in limiting
the influence of technical professionals. I first noticed this in the
owner of a software development company I worked for and, since starting
my own software development firm, have seen repeatedly in non-technical
people who manage technical staffs.

I've seen an apparent distrust or suspicion of technical people that
leads non-technical IT managers to tend to discount the recommendations
and opinions of their staff. I first thought it was just one boss I had,
but I've seen it among so many clients that I'm suspecting it isn't unusual.

What I think is happening is that technical people enjoy what they do,
and unfortunately, they show it. They take delight in applying new technologies
and solving problems. The non-technical managers see this, and not understanding
exactly what we do, interpret our "solutions" simply as a request for
new toys to play with. My cynical side sometimes thinks that people who
may not particularly enjoy their work assume anyone who does isn't really
working and any recommendations they make are merely to further their
enjoyment rather than provide value to the organization. What these non-technical
managers often do know are the buzzwords that repeatedly show up in the
trade press, and in an attempt to control the process (rather than letting
all of those geeks have any more fun), will suggest or request specific
technologies to solve problems. As a result, we find ourselves trying
to make our solutions "buzzword compliant," rather than putting together
the appropriate solutions.—Steve Sawyer
Detroit, Michigan

You nailed it! We're the ones a company officer finds after a meeting
and says he needs in his hip pocket. I am the influencer, and in most
cases, buying decisions are left to me as well. I'm not a supervisor but
rather a technologist (network architect). Most often, I'm the guy to
whom the C-titles go and ask the tough questions about tactical and strategic
network issues. I'll leave the politics and high-pressure stuff to the
"directors." It's too much fun to evaluate vendors, test proof of concept,
and play with the "toys" in the lab (affectionately named the sandbox).
Vendors often forget who's really buying their products.—Kevin A. Lanning, MCSE, CCNA, CCDA, CCSA, CCSE

I, too, have tired of eWeek, InfoWorld and the like. Who
needs to know who is doing what with What's-His-Name, the CEO of a forgotten
company. I need to know about people like me. I work for an IT outsourcing
company, and am the network administrator for 26 smaller companies (5
to 30 users). This is a lot of fun, and no two days are ever the same.
Our company has a niche market with Small Business Server. Some clients
have multiple sites. Articles about the usefulness of terminal server,
VPN appliances (Shiva box), Outlook Web Access and so on really make a
difference in the services and level of service we can offer our clients.
We've learned to use the software to its full capability. Any new hints
tips, setup procedures that can be adapted and used in varying situations
are always greatly appreciated.—Douglas Coulter, A+, MCSE
Ottawa, Ontario

I'm a consultant for a large services organization. My division specializes
in architecting Microsoft solutions. I read your column and agree 110
percent-we need to use our experience and education to influence corporate
decision makers. However, I'm starting to believe this is impossible.
Almost every project I go on is a logistical disaster. Most managers have
their own agenda. I've been on projects to do "design reviews," only to
find out that the manager wants to fire the local administrator and that's
why he doesn't like the design. I've been placed on projects where management
doesn't allow time for proper testing and piloting, only to find out that
come deployment time, nothing works. My favorite is management wants to
cram multiple CPU-intensive services on one server, even though it's argued
that the server can't handle the load.

My belief is that Microsoft, through its MCSE program, has "graduated"
several thousand MCSEs into the management ranks. Many of these folks
don't understand the "hows" and "whys" of Microsoft network design. They
simply believe networks can be slapped together like someone that uses
duct tape on an old box. The sad truth is that the simplicity of use that
Microsoft provides shrouds the details that need to be investigated when
one does a Microsoft design. Yet, I am finding all too often that those
in charge of these projects have little or no understanding of this, and
that having an MCSE doesn't give me the respect I need to command attention
to these details.

All in all, I believe my MCSE is no more than a base requirement, similar
to a high school diploma. My CCIE counterparts don't have the same troubles
when negotiating design strategies. I believe this a direct reflection
of a poor certification program that provides the MCSE holder with little
more than a card in their wallet stating they have completed a baseline
requirement for work as a Microsoft professional. After 4-plus years as
an MCSE, I still don't see any elevation of my or my co-workers status
as true professionals whose opinions are valued.—Michael Steinberg, MCSE
Houston, Texas

I've found that at my level, it doesn't pay to offer any insight to management
because it won't help me; it may, however, help the manager who steals
my ideas and then takes credit for them.

If things actually were made to work properly in the enterprise, it threatens
my job as a contractor. We're the first to be laid off, even if our production
is superior to the employees. Smoother-running networks mean fewer problems,
less call volume and elimination of jobs. If I had it to do over again,
I would've gone to law school. There's a service that knows how to get
paid.—Michael Ottinger, MCP
Columbus, Ohio